APISecOps Tutorial: Delivering APIs Securely Together with Kong Konnect and Red Hat OpenShift Service on AWS (ROSA)

By Danny Freese on February 23, 2023

Red Hat OpenShift is the industry's leading enterprise Kubernetes platform, running both on-prem and in the cloud. With Red Hat OpenShift Service on AWS (ROSA), a managed Red Hat OpenShift platform that runs natively on AWS, it is even easier to get started with an enterprise-ready instance of Red Hat OpenShift in the cloud.

Kong similarly distinguishes itself as a multi-platform, multi-cloud API Management solution pushing the vision of APIs. Here at Kong, we want to demonstrate to the Red Hat community that we are committed to delivering enterprise-grade solutions.

Organizations today face two top concerns. First, how to manage the sprawl of APIs as they spread across a multi-platform, hybrid cloud ecosystem. Second, in this same landscape, how to deliver secure APIs with a strategy that can be applied consistently across their hybrid cloud infrastructure.

APISecOps in a Hybrid Cloud

How do we take action on this? To answer this question, we built a tutorial to walk you through an end-to-end APISecOps solution. You will learn how the four principles of APISecOps (Centralization, Governance, API Design-First, and GitOps) can be applied to build secure APIs in a hybrid cloud ecosystem.

APISecOps Tutorial

For this tutorial the tooling will be as follows:

- Kong Konnect for API Management
- Kong Insomnia for API Design
- Kong's API pipeline tools: Inso CLI and decK CLI
- Red Hat OpenShift Pipelines for building out the CI/CD solution
- ROSA for the platform of choice

You will start by setting up the infrastructure, running an Ansible playbook to configure Kong Konnect Gateways on ROSA.
Each gateway will be associated with a Konnect Runtime Group (Sandbox/Default and Dev) to demonstrate the API promotion scheme.

Then you will get your hands dirty by walking through the APISecOps pipeline yourself. APISecOps begins with the API Design-First phase, in which you update an API spec in Kong Insomnia, Kong's API design and testing suite.

Next, you will step through several Tekton Pipelines that pass the API spec through governance review, convert it to Kong's decK manifest and, finally, promote it to the two environments. For this demo, we've taken the time to build Tekton Tasks for the Inso CLI and decK CLI too, designed to support API pipelines and Kong gateway manifests.

Then you will close off with a demonstration of how to host your API documentation in Konnect with Service Hub and Dev Portal.

Get Started

Check out the Kong APISecOps repository on GitHub!

We also have corresponding videos on YouTube that walk you through the entire tutorial! Don't be too nervous, each video is about 5–8 min long:

1. Intro
2. Getting Started Part 1 – Deploy Infrastructure
3. Getting Started Part 2 – Infrastructure Review
4. API Design in Insomnia
5. Tekton Pipeline 1 – Submit APISpec to Review
6. Tekton Pipeline 2 – Governance and Deploy to Sandbox
7. Tekton Pipeline 3 – Deploy to Dev
8. Documentation with Service Hub and Dev Portal

Check out our blog post How APISecOps Protects Against API Abuse to learn about APISecOps best practices.